I6Initxzjie

**Name of the Vulnerable Software and Affected Versions** xzjie cms versions up to 1.0.3 **Description** A critical issue affects the processing of the file "/api/upload". The manipulation of the `uploadFile` argument leads to unrestricted upload. The attack can be initiated remotely. **Recommendations** For versions up to 1.0.3, consider disabling the upload functionality via the "/api/upload" endpoint until a patch is available. Restrict access to the `uploadFile` argument to minimize the risk of exploitation.